US11163871B2ActiveUtilityA1

Controlling access to I/O ports based on user and system context

85
Assignee: DELL PRODUCTS LPPriority: May 2, 2019Filed: May 2, 2019Granted: Nov 2, 2021
Est. expiryMay 2, 2039(~12.8 yrs left)· nominal 20-yr term from priority
G06F 21/82G06F 21/85G06F 9/4406G06F 21/44G06F 9/4411
85
PatentIndex Score
4
Cited by
5
References
20
Claims

Abstract

In scenarios where I/O ports of an IHS are not secured, malicious actors may exploit such I/O ports when a user of the IHS is unaware. Embodiments provide techniques for securing access to I/O ports of an IHS based on the context of the IHS, which includes the user context and the system context of the IHS. Upon initialization of the IHS, access to the I/O ports is configured based on a boot context policy. The operating system is booted and use of the IHS proceeds. Modifications to an IHS context are detected. Based on a policy applicable to the modified IHS context, modified access to the I/O ports is configured. In embodiments where the IHS is a convertible laptop, a system context may include the posture in which the system is physically configured. A user context may include whether a user is detected in proximity to the IHS.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method for securing access to I/O (Input/Output) ports of an Information Handling System (IHS), the method comprising:
 initializing the IHS; 
 configuring, by an embedded controller of the IHS, access to the I/O ports of the IHS based on a boot context policy; 
 booting an operating system of the IHS; 
 detecting a modification to an IHS context comprising a user context and a system context, wherein the user context comprises an authentication status of a user of the IHS, and wherein the user context further comprises an inability to detect the user's presence within a proximity to the IHS; and 
 disabling, by the embedded controller, one or more of the I/O ports in response to a detected modification to the IHS context indicating the presence of the authenticated user is not detected within the proximity to the IHS. 
 
     
     
       2. The method of  claim 1 , wherein the system context comprises a location of the IHS, and wherein the one or more I/O ports are disabled in response to a detected modification of the IHS context indicating the authenticated user is not within the proximity to the IHS while the IHS is in a public location. 
     
     
       3. The method of  claim 1 , wherein the system context comprises a detected physical presence of a device within in the proximity to the IHS. 
     
     
       4. The method of  claim 1 , wherein the system context comprises a mode for physically configuring the IHS. 
     
     
       5. The method of  claim 4 , wherein the physical configuration mode comprises a mode for using the IHS and a mode for transporting the IHS. 
     
     
       6. The method of  claim 1 , wherein the IHS is a convertible laptop supporting a plurality of physical postures and wherein the system context comprises a physical posture of the convertible laptop. 
     
     
       7. The method of  claim 6 , wherein the physical posture comprises at least one of a tablet mode, a laptop mode, a tent mode, a landscape mode and a book mode. 
     
     
       8. The method of  claim 1 , wherein the I/O ports comprise physical I/O ports and logical I/O ports. 
     
     
       9. An Information Handling System (IHS), comprising:
 a plurality of I/O (Input/Output) ports; 
 a sensor hub comprising a logic unit configured via firmware instructions to determine a user context of the IHS; and 
 an embedded controller comprising a logic unit that is configured by firmware instructions to:
 configure, upon initialization of the IHS, access to the I/O ports based on a boot context policy, wherein the access to the I/O ports is configured by the embedded controller prior to booting an operation system of the IHS; 
 determine a system context of the IHS; 
 detect, upon a booting an operating system of the IHS, a modification to an IHS context comprising the user context and the system context wherein the user context comprises an authentication status of a user of the IHS, and wherein the user context further comprises an inability to detect the user's presence within a proximity to the IHS; and 
 
 disable one or more of the I/O ports in response to a detected modification to the IHS context indicating the presence of the authenticated user is not detected within the proximity to the IHS. 
 
     
     
       10. The IHS of  claim 9 , wherein the system context comprises a detected physical presence of a device in the proximity to the IHS. 
     
     
       11. The IHS of  claim 9 , wherein the system context comprises a mode for physically configuring the IHS. 
     
     
       12. The IHS of  claim 11 , wherein the physical configuration mode comprises a mode for using the IHS and a mode for transporting the IHS. 
     
     
       13. The IHS of  claim 9 , wherein the IHS is a convertible laptop supporting a plurality of physical postures and wherein the system context comprises a physical posture of the convertible laptop. 
     
     
       14. The IHS of  claim 13 , wherein the physical posture comprises at least one of a tablet mode, a laptop mode, a tent mode, a landscape mode and a book mode. 
     
     
       15. The IHS of  claim 9 , wherein the I/O ports comprise physical I/O ports and logical I/O ports. 
     
     
       16. An embedded controller for securing access to I/O (Input/Output) ports of an Information Handling System (IHS), the embedded controller comprising a memory having program instructions stored thereon that, upon execution by a logic unit, cause the embedded controller to:
 configure, upon initialization of the IHS, access to the I/O ports based on a boot context policy; 
 determine a system context of the IHS; 
 determine a user context of the IHS, wherein the user context comprises an authentication status of a user of the IHS, and wherein the user context further comprises detecting the user's presence within a proximity to the IHS; 
 detect, upon a booting an operating system of the IHS, a modification to an IHS context comprising the user context and the system context; and 
 disable one or more of the I/O ports in response to a detected modification to the IHS context indicating the presence of the authenticated user is not detected within the proximity to the IHS. 
 
     
     
       17. The embedded controller of  claim 16 , wherein the system context comprises a detected physical presence of a device in the proximity to the IHS. 
     
     
       18. The embedded controller of  claim 16 , wherein the system context comprises modes of physically configuring the IHS for using the IHS and for transporting the IHS. 
     
     
       19. The embedded controller of  claim 16 , wherein the IHS is a convertible laptop supporting a plurality of physical postures and wherein the system context comprises a physical posture of the convertible laptop. 
     
     
       20. The embedded controller of  claim 19 , wherein the physical posture comprises at least one of a tablet mode, a laptop mode, a tent mode, a landscape mode and a book mode.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.